Avira-Windowssystem blockiert / BKA-Trojaner :(

Julie2901 · 07.03.2012, 20:25

Hey,
Ich hoffe , dass man mir hier irgendwie helfen kann.

Seit gestern verdunkelt sich plötzlich mein Bildschirm nach ca. 10 min surfen, dann kommt ein weißes Fenster "Avira - ihr Windowssystem wurde blockiert.." mit einer Zahlungsaufforderung. Da mir das gestern nach diversen Neustarts immer wieder passiert ist , hab ich es mal gegoogelt und schnell rausgefunden dass es sich um diesen BkA- Trojaner handeln muss.

Wie kann ich diesen Virus wieder von meinem Laptop jagen?:/ Könnte mir da bitte jemand behilflich sein?
Leider bin ich kein großer PC-Profi, sodass es nett wäre, wenn mir das jemand verständlich erklären könnte.

Besten Dank schonmal ,

Julie

Chris4You · 07.03.2012, 20:40

Hi,

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:

Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

Julie2901 · 07.03.2012, 23:47

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.03.2012 23:27:18 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Dokumente und Einstellungen\Julska\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 69,89% Memory free
3,72 Gb Paging File | 3,30 Gb Available in Paging File | 88,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 0,32 Gb Free Space | 2,20% Space Free | Partition Type: NTFS
Drive D: | 134,39 Gb Total Space | 96,74 Gb Free Space | 71,98% Space Free | Partition Type: NTFS
 
Computer Name: WOLSKI-BCC8AC0E | User Name: Julska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Julska\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - D:\Programme\1&1 Surf-Stick\UIMain.exe ()
PRC - D:\Programme\1&1 Surf-Stick\CMUpdater.exe ()
PRC - D:\Programme\1&1 Surf-Stick\AssistantServices.exe ()
PRC - D:\Programme\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Dokumente und Einstellungen\Julska\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe (Rockwell Software, Inc.)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\system32\S3Trayp.exe (S3 Graphics Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Firefox\Profiles\cxpw6jvn.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko10.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe ()
MOD - D:\Programme\1&1 Surf-Stick\UIPlugin\UISetting.dll ()
MOD - D:\Programme\1&1 Surf-Stick\UIMain.exe ()
MOD - D:\Programme\1&1 Surf-Stick\UIPlugin\UISms.dll ()
MOD - D:\Programme\1&1 Surf-Stick\CMUpdater.exe ()
MOD - D:\Programme\1&1 Surf-Stick\UIPlugin\UIPhoneBook.dll ()
MOD - D:\Programme\1&1 Surf-Stick\UpdateAgent.dll ()
MOD - D:\Programme\1&1 Surf-Stick\UIPlugin\UIConnectRecord.dll ()
MOD - D:\Programme\1&1 Surf-Stick\UIPlugin\UIMms.dll ()
MOD - D:\Programme\1&1 Surf-Stick\UISkin.dll ()
MOD - D:\Programme\1&1 Surf-Stick\UIPlugin\UIUssd.dll ()
MOD - D:\Programme\1&1 Surf-Stick\UIPlugin\UIStk.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIDataBase.dll ()
MOD - D:\Programme\1&1 Surf-Stick\AssistantServices.exe ()
MOD - D:\Programme\1&1 Surf-Stick\UICommonDlg.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIConfig.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BKService.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BISetting.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BISms.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BICodec.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIPhoneBook.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIXml.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIService.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\CMCOMService.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIRas.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIDevManager.dll ()
MOD - D:\Programme\1&1 Surf-Stick\UIExec.exe ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIOptimizationClient.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BILog.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIConnectRecord.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIStk.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIVoice.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BIUssd.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\SysService.dll ()
MOD - D:\Programme\1&1 Surf-Stick\Component\BICallRecord.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SearchAnonymizer) -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (UI Assistant Service) -- D:\Programme\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (upperdev) --  File not found
DRV - (UfasoftSnifDriver4) --  File not found
DRV - (smserial) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (Packet) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (hwdatacard) --  File not found
DRV - (gtstusbser) --  File not found
DRV - (Changer) --  File not found
DRV - (a5s6a3a2) --  File not found
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\WINDOWS\system32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (PRISM_A02) -- C:\WINDOWS\system32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (S3GIGP) -- C:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)
DRV - (SIS163u) -- C:\WINDOWS\system32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (EU3_USB) -- C:\WINDOWS\system32\drivers\EU3USB.sys ( Inc.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=_Sts4N1Mxgx1gz2umLuZrQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0CE2B29A-CD1E-4A32-9501-5FA3420E89E1}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=302dda8f-bf23-441c-b429-1b39657421b2&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7375706572746F6F6C6261722E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D54524C266F3D267372633D63726D26713D7B7365617263685465726D737D&st={searchTerms}&clid=302dda8f-bf23-441c-b429-1b39657421b2&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{3C4F8561-985D-47C6-9AA6-80448AF1239D}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=302dda8f-bf23-441c-b429-1b39657421b2&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{48F0A5B8-46C1-4ED0-B1DA-B1CE64B7A2FD}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=302dda8f-bf23-441c-b429-1b39657421b2&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{4EC8C623-89E2-4131-B9ED-A6803E6E957F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=302dda8f-bf23-441c-b429-1b39657421b2&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{51D35792-C850-4C71-9472-51A6A9420793}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=302dda8f-bf23-441c-b429-1b39657421b2&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = hxxp://www.mywebsearch.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6D797765627365617263682E636F6D2F6A73702F6366675F7265646972322E6A73703F69643D5A4B666F7830303026666C3D30267074623D5F537473344E314D78677831677A32756D4C755A72512675726C3D687474703A2F2F7365617263682E6D797765627365617263682E636F6D2F6D797765627365617263682F6466745F72656469722E6A68746D6C2673743D736226736561726368666F723D7B7365617263685465726D737D&st={searchTerms}&clid=302dda8f-bf23-441c-b429-1b39657421b2&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=302dda8f-bf23-441c-b429-1b39657421b2&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{D2242F83-1B9C-4FAE-BE67-5558AEB705DC}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=302dda8f-bf23-441c-b429-1b39657421b2&pid=icqt&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?v=2&bd=042010&ua=002&s=DEF&tid={5A2A9550-559E-EDDA-4934-290E3EE3CD13}&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.4.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?v=2&bd=042010&ua=002&s=NAUS&tid={5A2A9550-559E-EDDA-4934-290E3EE3CD13}&q="
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: D:\Programme\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: D:\Programme\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.02.15 14:00:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.12.27 22:27:04 | 000,000,000 | ---D | M]
 
[2009.03.05 18:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Extensions
[2012.03.02 15:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Firefox\Profiles\cxpw6jvn.default\extensions
[2011.12.27 22:52:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Firefox\Profiles\cxpw6jvn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.15 11:24:45 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Firefox\Profiles\cxpw6jvn.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.03.02 15:03:45 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Firefox\Profiles\cxpw6jvn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.09 17:59:07 | 000,001,985 | ---- | M] () -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Firefox\Profiles\cxpw6jvn.default\searchplugins\bing.xml
[2011.11.26 12:39:58 | 000,005,407 | ---- | M] () -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Firefox\Profiles\cxpw6jvn.default\searchplugins\fast-browser-search.xml
[2012.02.03 23:11:41 | 000,000,451 | ---- | M] () -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Firefox\Profiles\cxpw6jvn.default\searchplugins\web-browser-search.xml
[2010.10.09 17:59:07 | 000,024,033 | ---- | M] () -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Firefox\Profiles\cxpw6jvn.default\searchplugins\{11B703A5-9EAA-4DFA-88D8-77DCE5D67F76}.xml
[2010.10.09 17:59:07 | 000,002,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\Mozilla\Firefox\Profiles\cxpw6jvn.default\searchplugins\{D01DDF59-74EA-4004-B30F-23B0E67731D7}.xml
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\JULSKA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\CXPW6JVN.DEFAULT\EXTENSIONS\{ADE0487A-C040-4576-A3A2-A4F1B0525876}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\JULSKA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\CXPW6JVN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.27 18:29:59 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [UIExec] D:\Programme\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SkypeM] C:\Dokumente und Einstellungen\Julska\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe (Rockwell Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Julska\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - D:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251562122437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251574894156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A712DB3-BE21-4057-AEA8-22A4429E4967}: DhcpNameServer = 212.23.115.148 212.23.97.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Julska\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Julska\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.05 17:27:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.05.23 18:07:01 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{14302dfe-37cd-11de-b2a9-a83f90fff454}\Shell - "" = AutoRun
O33 - MountPoints2\{14302dfe-37cd-11de-b2a9-a83f90fff454}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14302dfe-37cd-11de-b2a9-a83f90fff454}\Shell\AutoRun\command - "" = G:\QsSetup.exe
O33 - MountPoints2\{2b620018-2cee-11de-b264-c717df009952}\Shell - "" = AutoRun
O33 - MountPoints2\{2b620018-2cee-11de-b264-c717df009952}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b620018-2cee-11de-b264-c717df009952}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2b620019-2cee-11de-b264-c717df009952}\Shell - "" = AutoRun
O33 - MountPoints2\{2b620019-2cee-11de-b264-c717df009952}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b620019-2cee-11de-b264-c717df009952}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\Shell - "" = AutoRun
O33 - MountPoints2\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\Shell - "" = AutoRun
O33 - MountPoints2\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\Shell - "" = AutoRun
O33 - MountPoints2\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\Shell\AutoRun\command - "" = F:\starter.exe
O33 - MountPoints2\{ad69c822-42f3-11df-b71a-001e33023d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{ad69c822-42f3-11df-b71a-001e33023d1a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad69c822-42f3-11df-b71a-001e33023d1a}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\Shell - "" = AutoRun
O33 - MountPoints2\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 23:26:48 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Julska\Desktop\OTL.exe
[2012.03.06 16:00:33 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Julska\Recent
[2012.02.28 12:52:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Reisekostenabrechnung 3
[2012.02.28 12:49:35 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{907549E1-1111-4EA2-9A82-21C7D9BBB851}
[2012.02.28 12:49:31 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Borland Shared
[2012.02.28 12:49:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Reisekostenabrechnung 3
[2012.02.28 11:35:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julska\Reisekostensoftware
[2012.02.28 11:35:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julska\Startmenü\Programme\Reisekosten
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 23:20:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.07 23:20:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.06 16:54:52 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Julska\Desktop\OTL.exe
[2012.03.01 18:11:44 | 000,013,010 | ---- | M] () -- C:\Dokumente und Einstellungen\Julska\Desktop\pienime.jpg
[2012.02.16 01:49:52 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.15 15:58:01 | 000,452,664 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.02.15 15:58:01 | 000,435,898 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.15 15:58:01 | 000,081,558 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.02.15 15:58:01 | 000,068,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.10 16:02:11 | 000,018,432 | -H-- | M] () -- D:\Eigene Dateien\photothumb.db
 
========== Files Created - No Company Name ==========
 
[2012.03.01 18:11:44 | 000,013,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Julska\Desktop\pienime.jpg
[2012.02.15 12:38:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 12:38:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2010.06.24 10:56:50 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI

< End of report >

--- --- ---

Julie2901 · 07.03.2012, 23:48

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.03.2012 23:27:18 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Dokumente und Einstellungen\Julska\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 69,89% Memory free
3,72 Gb Paging File | 3,30 Gb Available in Paging File | 88,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 0,32 Gb Free Space | 2,20% Space Free | Partition Type: NTFS
Drive D: | 134,39 Gb Total Space | 96,74 Gb Free Space | 71,98% Space Free | Partition Type: NTFS
 
Computer Name: WOLSKI-BCC8AC0E | User Name: Julska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Programme\ICQ7.0\ICQ.exe" = D:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7
"D:\Programme\ICQ7.0\aolload.exe" = D:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe
"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"D:\Programme\ICQ7.6\ICQ.exe" = D:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
"D:\Musik neu\BearShare Applications\BearShare\BearShare.exe" = D:\Musik neu\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\ICQ6.5\ICQ.exe" = D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\Spiele\TmNationsForever\TmForever.exe" = D:\Spiele\TmNationsForever\TmForever.exe:*:Enabled:TmForever
"D:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = D:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup)
"D:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = D:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic
"D:\Programme\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe" = D:\Programme\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe:*:Enabled:Channel Editor
"C:\Dokumente und Einstellungen\Julska\Lokale Einstellungen\Temp\{2C1436D8-EA85-4F5E-9153-03637B157492}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe" = C:\Dokumente und Einstellungen\Julska\Lokale Einstellungen\Temp\{2C1436D8-EA85-4F5E-9153-03637B157492}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe:*:Enabled:TerraTec Home Cinema (Setup)
"D:\Programme\ICQ7.0\ICQ.exe" = D:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7
"D:\Programme\ICQ7.0\aolload.exe" = D:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe
"D:\Programme\mIRC\mirc.exe" = D:\Programme\mIRC\mirc.exe:*:Enabled:mIRC
"D:\Programme\X-Chat 2\xchat.exe" = D:\Programme\X-Chat 2\xchat.exe:*:Enabled:X-Chat IRC Client
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"D:\Programme\ICQ7.6\ICQ.exe" = D:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Programme\eMule\emule.exe" = D:\Programme\eMule\emule.exe:*:Enabled:eMule
"D:\Musik neu\BearShare Applications\BearShare\BearShare.exe" = D:\Musik neu\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2A2CA33-9E57-4949-9C23-C09AE032CBD2}" = Speedport W 100 Stick
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3EC469F-6296-42BF-B282-2EA2C6B80B06}" = BDE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.4
"{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}" = PC Connectivity Solution
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BDE" = BDE
"CCleaner" = CCleaner (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{A2A2CA33-9E57-4949-9C23-C09AE032CBD2}" = Speedport W 100 Stick
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"PhotoScape" = PhotoScape
"Reisekosten Software" = Reisekosten Software
"Reisekostenabrechnung 3_is1" = Reisekostenabrechnung 3 Version 3.5.2
"SearchAnonymizer" = SearchAnonymizer
"SiS163u" = Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.11.2011 05:27:48 | Computer Name = WOLSKI-BCC8AC0E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.11.2011 05:27:48 | Computer Name = WOLSKI-BCC8AC0E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 469906
 
Error - 28.11.2011 05:27:48 | Computer Name = WOLSKI-BCC8AC0E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 469906
 
Error - 28.11.2011 05:27:50 | Computer Name = WOLSKI-BCC8AC0E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.11.2011 05:27:50 | Computer Name = WOLSKI-BCC8AC0E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 471859
 
Error - 28.11.2011 05:27:50 | Computer Name = WOLSKI-BCC8AC0E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 471859
 
Error - 23.12.2011 17:05:11 | Computer Name = WOLSKI-BCC8AC0E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung bearshare.exe, Version 10.0.0.0, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 06.03.2012 12:17:14 | Computer Name = WOLSKI-BCC8AC0E | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 06.03.2012 12:27:33 | Computer Name = WOLSKI-BCC8AC0E | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 
der internen Verarbeitung erkannt. HRESULT war 800706BA von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
 Wenden Sie sich an den Microsoft-Produktsuppor
 
Error - 06.03.2012 12:29:15 | Computer Name = WOLSKI-BCC8AC0E | Source = ESENT | ID = 490
Description = svchost (1036) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
[ System Events ]
Error - 15.02.2012 09:51:23 | Computer Name = WOLSKI-BCC8AC0E | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
 
Error - 15.02.2012 10:51:32 | Computer Name = WOLSKI-BCC8AC0E | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
 
Error - 15.02.2012 10:53:52 | Computer Name = WOLSKI-BCC8AC0E | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
 
Error - 15.02.2012 10:53:53 | Computer Name = WOLSKI-BCC8AC0E | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
 
Error - 15.02.2012 10:57:04 | Computer Name = WOLSKI-BCC8AC0E | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "DFB9AD54AC .. F3EB7F.mof" auf Volume "HarddiskVolume1"
 ist im Wiederherstellungsfilter der unerwartete Fehler "0xC000007F" aufgetreten.
 Die Volumeüberwachung wurde angehalten.
 
Error - 16.02.2012 09:33:31 | Computer Name = WOLSKI-BCC8AC0E | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
 
Error - 18.02.2012 01:45:18 | Computer Name = WOLSKI-BCC8AC0E | Source = Srv | ID = 2000
Description = Der Aufruf eines Systemdienstes durch den Serverdienst ist unerwartet
 fehlgeschlagen.
 
Error - 18.02.2012 01:45:18 | Computer Name = WOLSKI-BCC8AC0E | Source = Srv | ID = 2000
Description = Der Aufruf eines Systemdienstes durch den Serverdienst ist unerwartet
 fehlgeschlagen.
 
Error - 18.02.2012 01:45:58 | Computer Name = WOLSKI-BCC8AC0E | Source = Srv | ID = 2000
Description = Der Aufruf eines Systemdienstes durch den Serverdienst ist unerwartet
 fehlgeschlagen.
 
Error - 18.02.2012 01:45:58 | Computer Name = WOLSKI-BCC8AC0E | Source = Srv | ID = 2000
Description = Der Aufruf eines Systemdienstes durch den Serverdienst ist unerwartet
 fehlgeschlagen.
 
 
< End of report >

--- --- ---

Julie2901 · 07.03.2012, 23:49

Ich bedanke mich schonmal recht herzlich ! Muss ich nun noch iwas machen oder beachten?

Chris4You · 08.03.2012, 07:34

Hi,

bitte noch das Log vom TDSS-Killer posten...

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
SRV - (HidServ) --  File not found
DRV - (Changer) --  File not found
DRV - (a5s6a3a2) --  File not found
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [SkypeM] C:\Dokumente und Einstellungen\Julska\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe (Rockwell Software, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O32 - AutoRun File - [2010.05.23 18:07:01 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{14302dfe-37cd-11de-b2a9-a83f90fff454}\Shell - "" = AutoRun
O33 - MountPoints2\{14302dfe-37cd-11de-b2a9-a83f90fff454}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14302dfe-37cd-11de-b2a9-a83f90fff454}\Shell\AutoRun\command - "" = G:\QsSetup.exe
O33 - MountPoints2\{2b620018-2cee-11de-b264-c717df009952}\Shell - "" = AutoRun
O33 - MountPoints2\{2b620018-2cee-11de-b264-c717df009952}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b620018-2cee-11de-b264-c717df009952}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2b620019-2cee-11de-b264-c717df009952}\Shell - "" = AutoRun
O33 - MountPoints2\{2b620019-2cee-11de-b264-c717df009952}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b620019-2cee-11de-b264-c717df009952}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\Shell - "" = AutoRun
O33 - MountPoints2\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\Shell - "" = AutoRun
O33 - MountPoints2\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\Shell - "" = AutoRun
O33 - MountPoints2\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\Shell\AutoRun\command - "" = F:\starter.exe
O33 - MountPoints2\{ad69c822-42f3-11df-b71a-001e33023d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{ad69c822-42f3-11df-b71a-001e33023d1a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad69c822-42f3-11df-b71a-001e33023d1a}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\Shell - "" = AutoRun
O33 - MountPoints2\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\Shell\AutoRun\command - "" = F:\AutoRun.exe


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00

:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris

Julie2901 · 08.03.2012, 13:16

13:14:34.0375 3416 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
13:14:35.0781 3416 ============================================================
13:14:35.0781 3416 Current date / time: 2012/03/08 13:14:35.0781
13:14:35.0781 3416 SystemInfo:
13:14:35.0781 3416
13:14:35.0781 3416 OS Version: 5.1.2600 ServicePack: 3.0
13:14:35.0781 3416 Product type: Workstation
13:14:35.0781 3416 ComputerName: WOLSKI-BCC8AC0E
13:14:35.0781 3416 UserName: Julska
13:14:35.0781 3416 Windows directory: C:\WINDOWS
13:14:35.0781 3416 System windows directory: C:\WINDOWS
13:14:35.0781 3416 Processor architecture: Intel x86
13:14:35.0781 3416 Number of processors: 2
13:14:35.0781 3416 Page size: 0x1000
13:14:35.0781 3416 Boot type: Normal boot
13:14:35.0781 3416 ============================================================
13:14:37.0437 3416 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:14:37.0453 3416 \Device\Harddisk0\DR0:
13:14:37.0453 3416 MBR used
13:14:37.0453 3416 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D4B139
13:14:37.0453 3416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B1B7, BlocksNum 0x10CC9A49
13:14:37.0750 3416 Initialize success
13:14:37.0750 3416 ============================================================
13:14:59.0437 3232 ============================================================
13:14:59.0437 3232 Scan started
13:14:59.0437 3232 Mode: Manual; SigCheck; TDLFS;
13:14:59.0437 3232 ============================================================
13:14:59.0734 3232 Abiosdsk - ok
13:14:59.0734 3232 abp480n5 - ok
13:14:59.0781 3232 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:15:00.0703 3232 ACPI - ok
13:15:00.0781 3232 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:15:00.0937 3232 ACPIEC - ok
13:15:00.0953 3232 adpu160m - ok
13:15:00.0984 3232 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:15:01.0156 3232 aec - ok
13:15:01.0203 3232 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:15:01.0218 3232 AegisP ( UnsignedFile.Multi.Generic ) - warning
13:15:01.0218 3232 AegisP - detected UnsignedFile.Multi.Generic (1)
13:15:01.0265 3232 AF15BDA (ad0565605d67500ca1c25d3a415d3dce) C:\WINDOWS\system32\drivers\AF15BDA.sys
13:15:01.0296 3232 AF15BDA ( UnsignedFile.Multi.Generic ) - warning
13:15:01.0296 3232 AF15BDA - detected UnsignedFile.Multi.Generic (1)
13:15:01.0375 3232 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:15:01.0437 3232 AFD - ok
13:15:01.0453 3232 Aha154x - ok
13:15:01.0453 3232 aic78u2 - ok
13:15:01.0468 3232 aic78xx - ok
13:15:01.0484 3232 AliIde - ok
13:15:01.0531 3232 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:15:01.0546 3232 AmdK8 ( UnsignedFile.Multi.Generic ) - warning
13:15:01.0546 3232 AmdK8 - detected UnsignedFile.Multi.Generic (1)
13:15:01.0546 3232 amsint - ok
13:15:01.0578 3232 asc - ok
13:15:01.0578 3232 asc3350p - ok
13:15:01.0593 3232 asc3550 - ok
13:15:01.0640 3232 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:15:01.0796 3232 AsyncMac - ok
13:15:01.0890 3232 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:15:02.0062 3232 atapi - ok
13:15:02.0062 3232 Atdisk - ok
13:15:02.0093 3232 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:15:02.0250 3232 Atmarpc - ok
13:15:02.0328 3232 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:15:02.0468 3232 audstub - ok
13:15:02.0546 3232 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:15:02.0562 3232 avgio - ok
13:15:02.0593 3232 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:15:02.0671 3232 avgntflt - ok
13:15:02.0703 3232 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:15:02.0718 3232 avipbb - ok
13:15:02.0750 3232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:15:02.0906 3232 Beep - ok
13:15:02.0984 3232 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:15:03.0156 3232 cbidf2k - ok
13:15:03.0250 3232 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:15:03.0421 3232 CCDECODE - ok
13:15:03.0421 3232 cd20xrnt - ok
13:15:03.0484 3232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:15:03.0640 3232 Cdaudio - ok
13:15:03.0687 3232 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:15:03.0875 3232 Cdfs - ok
13:15:03.0906 3232 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:15:04.0093 3232 Cdrom - ok
13:15:04.0234 3232 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:15:04.0390 3232 CmBatt - ok
13:15:04.0406 3232 CmdIde - ok
13:15:04.0468 3232 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:15:04.0640 3232 Compbatt - ok
13:15:04.0656 3232 Cpqarray - ok
13:15:04.0671 3232 dac2w2k - ok
13:15:04.0687 3232 dac960nt - ok
13:15:04.0703 3232 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:15:04.0921 3232 Disk - ok
13:15:04.0968 3232 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:15:05.0187 3232 dmboot - ok
13:15:05.0234 3232 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:15:05.0421 3232 dmio - ok
13:15:05.0515 3232 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:15:05.0687 3232 dmload - ok
13:15:05.0734 3232 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:15:05.0906 3232 DMusic - ok
13:15:05.0906 3232 dpti2o - ok
13:15:05.0953 3232 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:15:06.0109 3232 drmkaud - ok
13:15:06.0203 3232 EU3_USB (9d38d8cf163c03335ceb28bc391b75e0) C:\WINDOWS\system32\DRIVERS\EU3USB.sys
13:15:06.0281 3232 EU3_USB ( UnsignedFile.Multi.Generic ) - warning
13:15:06.0281 3232 EU3_USB - detected UnsignedFile.Multi.Generic (1)
13:15:06.0375 3232 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:15:06.0578 3232 Fastfat - ok
13:15:06.0609 3232 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:15:06.0796 3232 Fdc - ok
13:15:06.0875 3232 FET5X86V (e7072827d0b5f9bd99d6961571a38973) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
13:15:06.0937 3232 FET5X86V - ok
13:15:06.0968 3232 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
13:15:07.0140 3232 FETNDIS - ok
13:15:07.0234 3232 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:15:07.0406 3232 Fips - ok
13:15:07.0421 3232 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:15:07.0609 3232 Flpydisk - ok
13:15:07.0640 3232 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:15:07.0828 3232 FltMgr - ok
13:15:07.0843 3232 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:15:08.0046 3232 Fs_Rec - ok
13:15:08.0078 3232 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:15:08.0328 3232 Ftdisk - ok
13:15:08.0406 3232 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
13:15:08.0609 3232 gagp30kx - ok
13:15:08.0656 3232 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:15:08.0687 3232 GEARAspiWDM - ok
13:15:08.0718 3232 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:15:08.0890 3232 Gpc - ok
13:15:08.0906 3232 gtstusbser - ok
13:15:08.0953 3232 HdAudAddService (b93f1aedbe74c100efd4f6b4a27907b2) C:\WINDOWS\system32\drivers\viahduaa.sys
13:15:09.0015 3232 HdAudAddService - ok
13:15:09.0109 3232 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:15:09.0281 3232 HDAudBus - ok
13:15:09.0296 3232 hpn - ok
13:15:09.0343 3232 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:15:09.0406 3232 HTTP - ok
13:15:09.0421 3232 hwdatacard - ok
13:15:09.0437 3232 i2omgmt - ok
13:15:09.0453 3232 i2omp - ok
13:15:09.0484 3232 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:15:09.0656 3232 i8042prt - ok
13:15:09.0687 3232 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:15:09.0875 3232 Imapi - ok
13:15:09.0984 3232 ini910u - ok
13:15:10.0000 3232 IntelIde - ok
13:15:10.0031 3232 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:15:10.0218 3232 Ip6Fw - ok
13:15:10.0281 3232 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:15:10.0453 3232 IpFilterDriver - ok
13:15:10.0500 3232 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:15:10.0671 3232 IpInIp - ok
13:15:10.0703 3232 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:15:10.0890 3232 IpNat - ok
13:15:10.0953 3232 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:15:11.0125 3232 IPSec - ok
13:15:11.0156 3232 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:15:11.0234 3232 IRENUM - ok
13:15:11.0265 3232 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:15:11.0421 3232 isapnp - ok
13:15:11.0515 3232 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:15:11.0703 3232 Kbdclass - ok
13:15:11.0734 3232 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:15:11.0906 3232 kmixer - ok
13:15:11.0937 3232 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:15:12.0031 3232 KSecDD - ok
13:15:12.0078 3232 lbrtfdc - ok
13:15:12.0125 3232 massfilter (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
13:15:12.0156 3232 massfilter - ok
13:15:12.0171 3232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:15:12.0343 3232 mnmdd - ok
13:15:12.0390 3232 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:15:12.0546 3232 Modem - ok
13:15:12.0609 3232 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:15:12.0796 3232 Mouclass - ok
13:15:12.0828 3232 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:15:13.0000 3232 MountMgr - ok
13:15:13.0062 3232 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
13:15:13.0234 3232 MPE - ok
13:15:13.0296 3232 mraid35x - ok
13:15:13.0312 3232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:15:13.0500 3232 MRxDAV - ok
13:15:13.0546 3232 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:15:14.0265 3232 MRxSmb - ok
13:15:14.0468 3232 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:15:14.0656 3232 Msfs - ok
13:15:14.0687 3232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:15:14.0875 3232 MSKSSRV - ok
13:15:14.0921 3232 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:15:15.0093 3232 MSPCLOCK - ok
13:15:15.0109 3232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:15:15.0296 3232 MSPQM - ok
13:15:15.0328 3232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:15:15.0500 3232 mssmbios - ok
13:15:15.0546 3232 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:15:15.0718 3232 MSTEE - ok
13:15:15.0812 3232 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:15:15.0828 3232 Mup - ok
13:15:15.0843 3232 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:15:16.0015 3232 NABTSFEC - ok
13:15:16.0093 3232 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:15:16.0281 3232 NDIS - ok
13:15:16.0343 3232 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:15:16.0515 3232 NdisIP - ok
13:15:16.0578 3232 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:15:16.0625 3232 NdisTapi - ok
13:15:16.0656 3232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:15:16.0828 3232 Ndisuio - ok
13:15:16.0859 3232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:15:17.0046 3232 NdisWan - ok
13:15:17.0093 3232 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:15:17.0125 3232 NDProxy - ok
13:15:17.0203 3232 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
13:15:17.0218 3232 Netaapl - ok
13:15:17.0250 3232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:15:17.0421 3232 NetBIOS - ok
13:15:17.0453 3232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:15:17.0640 3232 NetBT - ok
13:15:17.0703 3232 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:15:17.0890 3232 nm - ok
13:15:17.0968 3232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:15:18.0125 3232 Npfs - ok
13:15:18.0187 3232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:15:18.0437 3232 Ntfs - ok
13:15:18.0484 3232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:15:18.0656 3232 Null - ok
13:15:18.0734 3232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:15:18.0906 3232 NwlnkFlt - ok
13:15:18.0968 3232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:15:19.0140 3232 NwlnkFwd - ok
13:15:19.0218 3232 NWUSBModem (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
13:15:19.0281 3232 NWUSBModem - ok
13:15:19.0312 3232 NWUSBPort (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
13:15:19.0343 3232 NWUSBPort - ok
13:15:19.0359 3232 Packet - ok
13:15:19.0406 3232 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
13:15:19.0578 3232 Parport - ok
13:15:19.0640 3232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:15:19.0812 3232 PartMgr - ok
13:15:19.0921 3232 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:15:20.0078 3232 ParVdm - ok
13:15:20.0109 3232 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
13:15:20.0140 3232 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
13:15:20.0140 3232 PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
13:15:20.0171 3232 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
13:15:20.0218 3232 pccsmcfd - ok
13:15:20.0265 3232 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:15:20.0437 3232 PCI - ok
13:15:20.0500 3232 PCIDump - ok
13:15:20.0546 3232 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:15:20.0703 3232 PCIIde - ok
13:15:20.0765 3232 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:15:20.0921 3232 Pcmcia - ok
13:15:21.0000 3232 PDCOMP - ok
13:15:21.0015 3232 PDFRAME - ok
13:15:21.0015 3232 PDRELI - ok
13:15:21.0031 3232 PDRFRAME - ok
13:15:21.0046 3232 perc2 - ok
13:15:21.0062 3232 perc2hib - ok
13:15:21.0093 3232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:15:21.0281 3232 PptpMiniport - ok
13:15:21.0343 3232 PRISM_A02 (898890eaadda2892f6237a63f351dd58) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
13:15:21.0406 3232 PRISM_A02 ( UnsignedFile.Multi.Generic ) - warning
13:15:21.0406 3232 PRISM_A02 - detected UnsignedFile.Multi.Generic (1)
13:15:21.0500 3232 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:15:21.0671 3232 Processor - ok
13:15:21.0734 3232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:15:21.0906 3232 PSched - ok
13:15:21.0968 3232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:15:22.0140 3232 Ptilink - ok
13:15:22.0250 3232 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:15:22.0265 3232 PxHelp20 - ok
13:15:22.0281 3232 ql1080 - ok
13:15:22.0296 3232 Ql10wnt - ok
13:15:22.0296 3232 ql12160 - ok
13:15:22.0312 3232 ql1240 - ok
13:15:22.0328 3232 ql1280 - ok
13:15:22.0359 3232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:15:22.0546 3232 RasAcd - ok
13:15:22.0609 3232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:15:22.0765 3232 Rasl2tp - ok
13:15:22.0828 3232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:15:22.0984 3232 RasPppoe - ok
13:15:23.0015 3232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:15:23.0171 3232 Raspti - ok
13:15:23.0281 3232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:15:23.0453 3232 Rdbss - ok
13:15:23.0484 3232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:15:23.0656 3232 RDPCDD - ok
13:15:23.0734 3232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:15:23.0890 3232 rdpdr - ok
13:15:23.0953 3232 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:15:23.0984 3232 RDPWD - ok
13:15:24.0062 3232 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:15:24.0218 3232 redbook - ok
13:15:24.0359 3232 S3GIGP (7e8f62b62f3b85b88f2fa1b6399b06f2) C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys
13:15:24.0437 3232 S3GIGP - ok
13:15:24.0500 3232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:15:24.0562 3232 Secdrv - ok
13:15:24.0609 3232 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
13:15:24.0781 3232 Serial - ok
13:15:24.0843 3232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:15:25.0000 3232 Sfloppy - ok
13:15:25.0015 3232 Simbad - ok
13:15:25.0078 3232 SIS163u (30bed9b9dd98ffeb41af5d5cab972ef7) C:\WINDOWS\system32\DRIVERS\sis163u.sys
13:15:25.0109 3232 SIS163u ( UnsignedFile.Multi.Generic ) - warning
13:15:25.0109 3232 SIS163u - detected UnsignedFile.Multi.Generic (1)
13:15:25.0156 3232 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:15:25.0343 3232 SLIP - ok
13:15:25.0390 3232 smserial - ok
13:15:25.0406 3232 Sparrow - ok
13:15:25.0437 3232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:15:25.0609 3232 splitter - ok
13:15:25.0718 3232 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
13:15:25.0718 3232 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
13:15:25.0718 3232 sptd ( LockedFile.Multi.Generic ) - warning
13:15:25.0718 3232 sptd - detected LockedFile.Multi.Generic (1)
13:15:25.0812 3232 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:15:25.0890 3232 sr - ok
13:15:25.0953 3232 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:15:26.0000 3232 Srv - ok
13:15:26.0062 3232 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:15:26.0093 3232 ssmdrv - ok
13:15:26.0125 3232 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:15:26.0281 3232 streamip - ok
13:15:26.0312 3232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:15:26.0500 3232 swenum - ok
13:15:26.0562 3232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:15:26.0734 3232 swmidi - ok
13:15:26.0750 3232 symc810 - ok
13:15:26.0781 3232 symc8xx - ok
13:15:26.0796 3232 sym_hi - ok
13:15:26.0828 3232 sym_u3 - ok
13:15:26.0859 3232 SynTP (cfb41bf11ae95c26133bae3ec2e334bd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:15:26.0906 3232 SynTP - ok
13:15:26.0921 3232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:15:27.0109 3232 sysaudio - ok
13:15:27.0203 3232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:15:27.0296 3232 Tcpip - ok
13:15:27.0359 3232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:15:27.0515 3232 TDPIPE - ok
13:15:27.0578 3232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:15:27.0765 3232 TDTCP - ok
13:15:27.0796 3232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:15:27.0968 3232 TermDD - ok
13:15:28.0000 3232 TosIde - ok
13:15:28.0046 3232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:15:28.0234 3232 Udfs - ok
13:15:28.0375 3232 UfasoftSnifDriver4 - ok
13:15:28.0546 3232 ultra - ok
13:15:28.0593 3232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:15:28.0796 3232 Update - ok
13:15:28.0812 3232 upperdev - ok
13:15:28.0843 3232 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:15:28.0890 3232 USBAAPL - ok
13:15:28.0921 3232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:15:29.0093 3232 usbccgp - ok
13:15:29.0125 3232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:15:29.0312 3232 usbehci - ok
13:15:29.0406 3232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:15:29.0562 3232 usbhub - ok
13:15:29.0625 3232 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:15:29.0796 3232 usbprint - ok
13:15:29.0859 3232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:15:30.0015 3232 usbscan - ok
13:15:30.0078 3232 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:15:30.0250 3232 USBSTOR - ok
13:15:30.0312 3232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:15:30.0468 3232 usbuhci - ok
13:15:30.0562 3232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:15:30.0750 3232 VgaSave - ok
13:15:30.0812 3232 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:15:30.0968 3232 ViaIde - ok
13:15:30.0984 3232 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:15:31.0156 3232 VolSnap - ok
13:15:31.0203 3232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:15:31.0390 3232 Wanarp - ok
13:15:31.0453 3232 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
13:15:31.0500 3232 Wdf01000 - ok
13:15:31.0562 3232 WDICA - ok
13:15:31.0609 3232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:15:31.0765 3232 wdmaud - ok
13:15:31.0843 3232 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:15:31.0890 3232 WpdUsb - ok
13:15:31.0953 3232 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:15:32.0109 3232 WSTCODEC - ok
13:15:32.0187 3232 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:15:32.0250 3232 WudfPf - ok
13:15:32.0265 3232 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:15:32.0312 3232 WudfRd - ok
13:15:32.0359 3232 ZTEusbmdm6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
13:15:32.0421 3232 ZTEusbmdm6k - ok
13:15:32.0468 3232 ZTEusbnmea (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
13:15:32.0500 3232 ZTEusbnmea - ok
13:15:32.0562 3232 ZTEusbser6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
13:15:32.0593 3232 ZTEusbser6k - ok
13:15:32.0640 3232 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:15:32.0921 3232 \Device\Harddisk0\DR0 - ok
13:15:32.0937 3232 Boot (0x1200) (135e7e07dd97ba33510f8cf3c9ec9a2c) \Device\Harddisk0\DR0\Partition0
13:15:32.0937 3232 \Device\Harddisk0\DR0\Partition0 - ok
13:15:32.0937 3232 Boot (0x1200) (b1f90405e84a5017dbb87d038baaf6a0) \Device\Harddisk0\DR0\Partition1
13:15:32.0937 3232 \Device\Harddisk0\DR0\Partition1 - ok
13:15:32.0937 3232 ============================================================
13:15:32.0937 3232 Scan finished
13:15:32.0937 3232 ============================================================
13:15:33.0046 3436 Detected object count: 8
13:15:33.0046 3436 Actual detected object count: 8
13:15:47.0906 3436 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:47.0906 3436 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:47.0906 3436 AF15BDA ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:47.0906 3436 AF15BDA ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:47.0906 3436 AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:47.0906 3436 AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:47.0921 3436 EU3_USB ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:47.0921 3436 EU3_USB ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:47.0921 3436 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:47.0921 3436 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:47.0921 3436 PRISM_A02 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:47.0921 3436 PRISM_A02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:47.0921 3436 SIS163u ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:47.0921 3436 SIS163u ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:47.0921 3436 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:15:47.0921 3436 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Julie2901 · 08.03.2012, 13:17

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Error: No service named a5s6a3a2 was found to stop!
Service\Driver key a5s6a3a2 not found.
File File not found not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully.
C:\Dokumente und Einstellungen\Julska\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe moved successfully.
D:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14302dfe-37cd-11de-b2a9-a83f90fff454}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14302dfe-37cd-11de-b2a9-a83f90fff454}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14302dfe-37cd-11de-b2a9-a83f90fff454}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14302dfe-37cd-11de-b2a9-a83f90fff454}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14302dfe-37cd-11de-b2a9-a83f90fff454}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14302dfe-37cd-11de-b2a9-a83f90fff454}\ not found.
File G:\QsSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b620018-2cee-11de-b264-c717df009952}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b620018-2cee-11de-b264-c717df009952}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b620018-2cee-11de-b264-c717df009952}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b620018-2cee-11de-b264-c717df009952}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b620018-2cee-11de-b264-c717df009952}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b620018-2cee-11de-b264-c717df009952}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b620019-2cee-11de-b264-c717df009952}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b620019-2cee-11de-b264-c717df009952}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b620019-2cee-11de-b264-c717df009952}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b620019-2cee-11de-b264-c717df009952}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b620019-2cee-11de-b264-c717df009952}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b620019-2cee-11de-b264-c717df009952}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841bcd76-2b5c-11de-b25c-cb9ced3e4a52}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841bcd79-2b5c-11de-b25c-cb9ced3e4a52}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841bcd7b-2b5c-11de-b25c-f1de787bd615}\ not found.
File F:\starter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad69c822-42f3-11df-b71a-001e33023d1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad69c822-42f3-11df-b71a-001e33023d1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad69c822-42f3-11df-b71a-001e33023d1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad69c822-42f3-11df-b71a-001e33023d1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad69c822-42f3-11df-b71a-001e33023d1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad69c822-42f3-11df-b71a-001e33023d1a}\ not found.
File F:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af4a628e-2b5f-11de-b25d-d2de798eaf52}\ not found.
File F:\AutoRun.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Julska
->Temp folder emptied: 16706 bytes
->Temporary Internet Files folder emptied: 230528 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31321075 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 30,00 mb

OTL by OldTimer - Version 3.2.35.1 log created on 03082012_130017

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Chris4You · 08.03.2012, 14:06

Hi,

bitte das Log von MAM posten...

chris

Avira-Windowssystem blockiert / BKA-Trojaner :(

Plagegeister aller Art und deren Bekämpfung: Avira-Windowssystem blockiert / BKA-Trojaner :(